http://www.legislation.gov.uk/id/ukpga/2018/12/schedule/1

http://www.legislation.gov.uk/ukpga/2018/12/schedule/1/part/1

Data Protection Act 2018

An Act to make provision for the regulation of the processing of information relating to individuals; to make provision in connection with the Information Commissioner's functions under certain regulations relating to information; to make provision for a direct marketing code of practice; and for connected purposes.

text

text/xml

Statute Law Database

2024-04-02

Expert Participation

2024-03-08

Data Protection Act 2018

Sch. 3

para. 8(1)(y)

Adoption and Children Act (Northern Ireland) 2022

Sch. 3

para. 78(3)

s. 160(1)

Data Protection Act 2018

s. 204(1)(l)

The Anaesthesia Associates and Physician Associates Order 2024

Sch. 5

para. 7

art. 1(3)

SCHEDULES

SCHEDULE 1Special categories of personal data and criminal convictions etc data

PART 1Conditions relating to employment, health and research etc

Employment, social security and social protection

1

This condition is met if—

a

the processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security or social protection, and

b

when the processing is carried out, the controller has an appropriate policy document in place (see paragraph 39 in Part 4 of this Schedule).

2

See also the additional safeguards in Part 4 of this Schedule.

3

In this paragraph—

“social security” includes any of the branches of social security listed in Article 3(1) of Regulation (EC) No. 883/2004 of the European Parliament and of the Council on the co-ordination of social security systems (as amended from time to time);
“social protection” includes an intervention described in Article 2(b) of Regulation (EC) 458/2007 of the European Parliament and of the Council of 25 April 2007 on the European system of integrated social protection statistics (ESSPROS) F1as it had effect in EU law immediately before F4IP completion day.

Annotations:

Amendments (Textual)

Words in Sch. 1 para. 1(3) substituted (31.12.2020) by The UK Statistics (Amendment etc.) (EU Exit) Regulations 2019 (S.I. 2019/489), regs. 1, 3; 2020 c. 1, Sch. 5 para. 1(1)

Words in Sch. 1 para. 1(3) substituted (15.12.2021) by The UK Statistics (Amendment etc.) (EU Exit) Regulations 2021 (S.I. 2021/1300), regs. 1, 2

Health or social care purposes

2

1

This condition is met if the processing is necessary for health or social care purposes.

2

In this paragraph “health or social care purposes” means the purposes of—

a

preventive or occupational medicine,

b

the assessment of the working capacity of an employee,

c

medical diagnosis,

d

the provision of health care or treatment,

e

the provision of social care, or

f

the management of health care systems or services or social care systems or services.

3

See also the conditions and safeguards in Article 9(3) of the F2UK GDPR (obligations of secrecy) and section 11(1).

Annotations:

Amendments (Textual)

Words in Sch. 1 para. 2(3) substituted (31.12.2020) by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (S.I. 2019/419), reg. 1(2), Sch. 2 para. 91(2) (with reg. 5); 2020 c. 1, Sch. 5 para. 1(1)

Public health

3

This condition is met if the processing—

a

is necessary for reasons of public interest in the area of public health, and

b

is carried out—

i

by or under the responsibility of a health professional, or

ii

by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law.

Research etc

4

This condition is met if the processing—

a

is necessary for archiving purposes, scientific or historical research purposes or statistical purposes,

b

is carried out in accordance with Article 89(1) of the F3UK GDPR (as supplemented by section 19), and

c

is in the public interest.

Annotations:

Amendments (Textual)

Words in Sch. 1 para. 4(b) substituted (31.12.2020) by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (S.I. 2019/419), reg. 1(2), Sch. 2 para. 91(3) (with reg. 5); 2020 c. 1, Sch. 5 para. 1(1)